Appl. No. 09/998,910 PATENT 
Amdt. dated October 19, 2005 

Amendment under 37 CFR 1.116 Expedited Procedure Examining Group 2142 

No claims have been added, canceled or amended in this paper. The following listing of claims, 
therefore, is provided merely for the convenience of the Examiner: 

Listing of Claims: 

1. (Previously presented) In an identity system, a method for defining a
workflow for managing entity identities, the method comprising the steps of: 

the identity system accessing a template that indicates parameters for defining workflows;

creating a definition of a first workflow for managing at least one identity of at 
least one entity, based on said template; and 

storing said definition of said first workflow. 

2. (Original) A method according to claim 1, wherein: 

said template includes a set of parameters for each action available to a workflow type.

3. (Original) A method according to claim 1, wherein: 
said template is an XML document. 

4. (Original) A method according to claim 1, further comprising the steps of:
adding data to said template after said step of storing; 

creating a definition of a second workflow after said step of adding data; and 
storing said definition of said second workflow. 

5. (Original) A method according to claim 1, further comprising the step of: 
creating said template. 

6. (Original) A method according to claim 5, wherein said step of creating 
said template includes the steps of: 

adding a set of workflow types to said template;
adding one or more actions for at least a subset of said workflow types; and
adding parameters for at least a subset of said actions. 

7. (Original) A method according to claim 1, wherein:
said template applies to only one application. 

8. (Original) A method according to claim 1, wherein:
said template includes parameters for creating objects, deleting objects and 
changing attributes. 

9. (Original) A method according to claim 1, wherein:
said template includes parameters for self registration. 

10. (Original) A method according to claim 1, wherein: 

said template includes a parameter indicating whether supplied variables can be 
used in said step of creating. 

11. (Original) A method according to claim 1, wherein:

said template includes a parameter indicating whether additional workflows can 
be used to supply data. 

12. (Original) A method according to claim 11, wherein:

said additional workflows includes multiple levels of nesting of workflows. 

13. (Previously presented) A method according to claim 1, wherein:
the identity system is integrated with an access system. 

14. (Original) A method according to claim 1, wherein said step of creating 
includes the step of: 

accessing one or more parameters in said template; 

offering a set of options based on said accessed parameters; and 

receiving a selection of one or more of said offered options.

15. (Original) A method according to claim 1, wherein said step of creating
includes the steps of: 

determining a first set of possible actions for a particular step based on said template;

reporting said first set of possible actions; and 

receiving a selection of a first action of said first set of possible actions. 

16. (Original) A method according to claim 1, wherein said step of creating 
includes the steps of: 

determining a first set of possible data types for a particular action based on said template;

reporting said first set of possible data types; 

receiving an indication of a variable for said first workflow; and 

receiving a selection of a first data type for said variable. 

17. (Original) A method according to claim 16, wherein: 
said first data type is a variable supplied by another workflow. 

18. (Original) A method according to claim 1, wherein said step of creating
includes the steps of:

determining whether pre actions are available for a particular action based on said template;

reporting whether pre actions are available for said particular action; and 
receiving a selection of whether to add pre actions to said definition of said first 
workflow for said particular action. 

19. (Original) A method according to claim 1, wherein said step of creating 
includes the steps of: 

determining a first set of possible entry conditions for a particular action based on said template;

reporting said a first set of possible entry conditions;

receiving a selection of a first entry condition of said first set of possible entry conditions;

determining and reporting whether said first entry condition is associated with a 
sub-workflow; and 

receiving an indication whether said first workflow should wait for said sub-workflow.

20. (Original) A method according to claim 1, wherein said step of creating 
includes the steps of: 

determining a first set of possible actions for a particular step based on said template;

reporting said first set of possible actions; 

receiving a selection of a first action of said first set of possible actions; 
determining a first set of possible data types for said first action based on said template;

reporting said first set of possible data types; 

receiving an indication of a variable for said first workflow; 

receiving a selection of a first data type for said variable; 

determining whether pre or post actions are available for said first action based on said template;

reporting whether pre or post actions are available for said first action; 
receiving a selection of whether to add pre or post actions to said definition of 
said first workflow for said first action; 

determining a first set of possible entry conditions for said first action based on said template;

reporting said a first set of possible entry conditions; 

receiving a selection of a first entry condition of said a first set of possible entry conditions;

determining and reporting whether said first entry condition is associated with a
sub-workflow; and

receiving an indication whether said first workflow should wait for said sub-workflow.

21. (Original) A method according to claim 1, wherein said step of creating 
includes the steps of: 

accessing one or more parameters in said template; 

offering a set of options in a graphical user interface based on said accessed 
parameters; and 

receiving a selection of one or more of said offered options using said graphical user interface.

22. (Previously presented) One or more processor readable storage devices 
having processor readable code embodied on said processor readable storage devices, said 
processor readable code for programming one or more processors to perform a method for 
defining a workflow for managing entity identities, the method comprising the steps of: 

accessing a template that indicates parameters for defining workflows; 
creating a definition of a first workflow for managing at least one identity of at 
least one entity, based on said template; and 

storing said definition of said first workflow. 

23. (Original) One or more processor readable storage devices according to 
claim 22, wherein said method further comprises the steps of: 

adding data to said template after said step of storing; 

creating a definition of a second workflow after said step of adding data; and 

storing said definition of said second workflow.

24. (Original) One or more processor readable storage devices according to
claim 22, wherein said method further comprises the step of creating said template, said step of 
creating said template includes the steps of: 

adding a set of workflow types to said template; 

adding one or more actions for at least a subset of said workflow types; and 
adding one or more parameters for at least a subset of said actions. 

25. (Original) One or more processor readable storage devices according to 
claim 22, wherein: 

said template includes parameters for self registration. 

26. (Original) One or more processor readable storage devices according to 
claim 22, wherein: 

said template includes a parameter indicating whether additional workflows can 
be used to supply data. 

27. (Original) One or more processor readable storage devices according to 
claim 26, wherein: 

said additional workflows includes multiple levels of nesting of workflows. 

28. (Original) One or more processor readable storage devices according to 
claim 22, wherein: 

said steps of accessing, creating and storing are performed by an integrated 
identity and access system. 

29. (Original) One or more processor readable storage devices according to 
claim 22, wherein said step of creating includes the steps of: 

accessing one or more parameters in said template; 
offering a set of options in a graphical user interface based on said accessed 
parameters; and

receiving a selection of one or more of said offered options using said graphical user interface.

30. (Original) One or more processor readable storage devices according to 
claim 22, wherein said step of creating includes the steps of: 

determining a first set of possible actions for a particular step based on said template;

reporting said first set of possible actions; and 

receiving a selection of a first action of said first set of possible actions. 

31. (Original) One or more processor readable storage devices according to
claim 22, wherein said step of creating includes the steps of:

determining a first set of possible data types for a particular action based on said template;

reporting said first set of possible data types; 
receiving an indication of a variable for said first workflow; and 
receiving a selection of a first data type of said variable, said first data type is a 
variable supplied by another workflow. 

32. (Original) One or more processor readable storage devices according to 
claim 22, wherein said step of creating includes the steps of: 

determining a first set of possible entry conditions for a particular action based on said template;

reporting said first set of possible entry conditions; 

receiving a selection of a first entry condition of said first set of possible entry conditions;

determining and reporting whether said first entry condition is associated with a 
sub-workflow; and 

receiving an indication whether said first workflow should wait for said sub-workflow.

33. (Previously presented) An apparatus that can be used to define a
workflow, comprising: 

a communication interface; and 

one or more processors in communication with said communication interface; and 

a computer readable medium having embodied thereon a set of instructions 
executable to perform a method for defining a workflow for managing entity identities, the 
method comprising the steps of: 

accessing a template that indicates parameters for defining workflows; 

creating a definition of a first workflow for managing at least one identity of at 
least one entity, based on said template; and 

storing said definition of said first workflow. 

34. (Original) An apparatus according to claim 33, wherein: 

said template includes a parameter indicating whether additional workflows can 
be used to supply data, said additional workflows includes multiple levels of nesting of 
workflows. 

35. (Original) An apparatus according to claim 33, wherein: 

said steps of accessing, creating and storing are performed by an integrated 
identity and access system. 

36. (Original) An apparatus according to claim 33, wherein said step of 
creating includes the steps of: 

accessing one or more parameters in said template; 

offering a set of options in a graphical user interface based on said accessed 
parameters; and 

receiving a selection of one or more of said offered options using said graphical user interface.

37. (Original) An apparatus according to claim 33, wherein said step of
creating includes the steps of: 

determining a first set of possible actions for a particular step based on said template;

reporting said a first set of possible actions; and 

receiving a selection of a first action of said a first set of possible actions. 

38. (Original) An apparatus according to claim 33, wherein said step of 
creating includes the steps of: 

determining a first set of possible data types for a particular action based on said template;

reporting said first set of possible data types; 
receiving an indication of a variable for said first workflow; and 
receiving a selection of a first data type of said variable, said first data type is a 
variable supplied by another workflow. 

39. (Original) An apparatus according to claim 33, wherein said step of 
creating includes the steps of: 

determining a first set of possible entry conditions for a particular action based on said template;

reporting said a first set of possible entry conditions; 

receiving a selection of a first entry condition of said first set of possible entry conditions;

determining and reporting whether said first entry condition is associated with a 
sub-workflow; and 

receiving an indication whether said first workflow should wait for said sub-workflow.

40. (Previously presented) A method according to claim 1, wherein the
workflow performs a task selected from the group consisting of: creating a user, deleting a user,
subscribing a user to a group, enrolling a certificate, renewing a certificate, revoking a certificate,
and changing a user attribute. 

41. (Previously presented) A method according to claim 1, wherein the at least 
one entity is selected from among the group consisting of at least one user, at least one group and 
at least one organization. 

42. (Previously presented) A method according to claim 1, further comprising: 
a workflow engine invoking the workflow. 

43. (Previously presented) A method according to claim 42, wherein the 
workflow comprises a set of actions comprising one or more actions, the method further 
comprising: 

a client program performing one of the one or more actions. 

44. (Previously presented) A method according to claim 43, the method 
further comprising: 

the workflow engine passing to the client program a callback handle uniform 
request locator ("callback URL"); 

the workflow engine pausing the workflow; 

upon completion of the one or more actions, the client program invoking the 
callback URL; and 

upon an invocation of the callback URL, the workflow engine restarting the workflow.

45. (Previously presented) A method according to claim 43, wherein 
performing the one of the one or more actions comprises: 

the client program composing an extended markup language ("XML") document 
comprising a request for the one of the one or more actions; 

the client program transmitting the XML document for reception by an application;

the application performing the one of the one or more actions;
the application transmitting a second XML document for reception by the client 
program, the second XML document comprising an output message. 

46. (Previously presented) A method according to claim 45, wherein the client
program communicates with the application using the simple object access protocol ("SOAP").